0

I am trying to generate a pre-signed URL through boto3 however I get the following error.

The request signature we calculated does not match the signature you provided. Check your key and signing method.

It is strange since I can successfully generate a pre-signed url using the CLI. I have checked that the credentials are all correct.

boto3==1.24.76

import boto3


bucket_name = "xxx"
object_name = "xxx"
iam_access_id = "xxx"
iam_secret_key = "xxx"


s3_client = boto3.client(
    "s3", aws_access_key_id=iam_access_id, aws_secret_access_key=iam_secret_key, region_name="eu-west-2"
)

p_url = s3_client.generate_presigned_url(
    ClientMethod="get_object",
    Params={"Bucket": bucket_name, "Key": object_name},
    ExpiresIn=1800,
)

Running on the CLI:

aws s3 presign "s3://xxx" --expires-in 1800

To add to the mystery python successfully creates a presigned URL for files in an old bucket that I have. I tried creating a copy of the old bucket but presigned URL is still incorrect.

Andy
  • 109
  • 1
  • 3
  • 14
  • which https method you are using GET,POST, try adding HTTP method in your code ` import boto3 BUCKET = 'YOUR_BUCKET' KEY = 'YOUR_KEY' s3 = boto3.client('s3') print s3.generate_presigned_url( ClientMethod = 'get_object', Params = {'Bucket' : BUCKET, 'Key' : KEY}, ExpiresIn = 3600, HttpMethod = 'GET')` – Jatin Mehrotra Sep 20 '22 at 13:34
  • That didn't work. But I have made some progress. I moved the .mp3 file to another bucket of mine and now boto3 can assign a valid URL. I just need to figure out what is configured differently in the two buckets. – Andy Sep 20 '22 at 13:38
  • Check policies and acls – Jatin Mehrotra Sep 20 '22 at 13:42
  • This code works for me without any issues. So probably it has to do with the policies, or actual file names. See possible reasons here: https://stackoverflow.com/a/30519762/348851 – defiant Sep 20 '22 at 13:48
  • Its so weird. I created a new bucket (copying the defaults from the working bucket) but the new bucket still fails. – Andy Sep 20 '22 at 14:13
  • I have deleted all my buckets and tried again. It seems to only work for one particular bucket name. I have checked the policies and nothing seems to be out of place ... What I don't understand is why CLI works for all buckets and Python only works for one particular bucket name. I might go crazy. – Andy Sep 20 '22 at 16:29
  • @defiant could you test again on a brand new bucket and a brand new object? i.e not in an already long lived bucket. I have found reports that this can happen on newly created buckets (which could explain why it works on that specific bucket). – Andy Sep 20 '22 at 18:35
  • @Andy I worked on a new bucket the first time. Check your IAM user's permissions and any and all policies for buckets, user etc. If you're using defaults when creating a bucket, then it must be with the user/group I guess. Check by creating a new user with the required permissions and see. – defiant Sep 21 '22 at 08:06
  • @defiant what version of boto3 are you using? The reason why I think it’s boto is because the CLI works across all buckets so it can’t be a policy issue. – Andy Sep 21 '22 at 12:56
  • Now everything works. Must be a timing issue with eu-west-2. The buckets I created yesterday now work but the ones I create on the fly don't. Weird. – Andy Sep 21 '22 at 15:37
  • @Andy cli will work if it has a different set of keys than the keys you are passing to the boto3 client. Anyway I am using boto3 `1.24.76`. Also if you are creating buckets on the fly, please share that code, so that it can be reproduced. – defiant Sep 22 '22 at 07:25

0 Answers0